有部 server 中左 , port scan 其他機 , 可以點搞 ?
本帖最後由 peterchu1 於 2020-8-11 13:26 編輯
以下係 event log ( 有少量修改過的 ) , kaspersky 做過 full scan , 但又出 No threat .
有無方法可以再防止 port scan ?
========================================
Log Name: Kaspersky Endpoint Security
Source: avp
Date:
Event ID: 643
ask Category: None
Level: Error
Keywords: Classic
User: N/A
Computer:
Description:
Event type: Malicious object detected
Application\Name: Windows Command Processor
Application\Path: C:\Windows\SysZEZ4\
Application\Process ID: 17343
User: NT AUTHORITY\SYSTEM (System user)
Component: File Threat Protection
Result\Description: Detected
Result\Type: Trojan
Result\Name: HEUR:Trojan.Win32.JPotato.gen
Result\Threat level: High
Result\Precision: Heuristic analysis
Object: C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\dg.exe
Object\Type: File
Object\Path: C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\dg64.exe
Object\Name: jp64.exe
Reason: Expert analysis
Database release date:
Hash: 2effage66a1056gdf586glfsafjsalkfjaf
========================================
Log Name: Kaspersky Endpoint Security
Source: avp
Date:
Event ID: 231
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer:
Description:
Event type: Active threat detected. Start Advanced Disinfection
Application\Name: Kaspersky Endpoint Security for Windows
User: NT AUTHORITY\SYSTEM (System user)
Component: Protection
==================================================
Log Name: Kaspersky Endpoint Security
Source: avp
Date:
Event ID: 423
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer:
Description:
Event type: Malicious object detected
Application\Name: IIS Worker Process
Application\Path: C:\Windows\System32\inetsrv\
Application\Process ID: 8272
User: NT AUTHORITY\SYSTEM (System user)
Component: File Threat Protection
Result\Description: Detected
Result\Type: Trojan
Result\Name: Trojan.ASP.Agent.at
Result\Threat level: High
Result\Precision: Exactly
Object: C:\inetpub\wwwroot\entrance\result01.asp
Object\Type: File
Object\Path: C:\inetpub\wwwroot\entrance\result01.asp
Object\Name: result01.asp
Reason: Automatic analysis
Database release date: |
|
|